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Answer: C 


QUESTION: 99 

Your company has an office in New York. Many users connect to the office from home 
by using the Internet. You deploy an Active Directory Certificate Services (AD CS) 
infrastructure that contains an enterprise certification authority (CA) named CA1. CA1 is 
only available from hosts on the internal network. You need to ensure that the certificate 
revocation list (CRL) is available to all of the users. What should you do? (Each correct 
answer presents part of the solution. Choose all that apply.) 


A. Create a scheduled task that copies the CRL files to a Web server. 

B. Run the Install-ADCSWebEnrollment cmdlet. 

C. Run the Install-EnrollmentPolicyWebService cmdlet. 

D. Deploy a Web server that is accessible from the Internet and the internal network. 
E. Modify the location of the Authority Information Access (AIA). 

F. Modify the location of the CRL distribution point (CDP). 


Answer: A, D, F 


Explanation: 

CRLs will be located on Web servers which are Internet facing. CRLs will be accessed 
using the HTTP retrieval protocol. 

CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki 

F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer 
Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able to check for 
certificate revocation of the secure sockets layer (SSL) certificate submitted by the 
DirectAccess server. To successfully perform intranet detection, DirectAccess clients 
must be able to check for certificate revocation of the SSL certificate submitted by the 
network location server. This procedure describes how to do the following: Create a 
Web-based certificate revocation list (CRL) distribution point using Internet Information 
Services (IIS) Configure permissions on the CRL distribution shared folder Publish the 
CRL in the CRL distribution shared folder Reference: Configure a CRL Distribution 
Point for Certificates 


QUESTION: 100 

HOTSPOT 

Your network contains an Active Directory forest named contoso.com. All servers run 
Windows Server 2012 R2. The forest contains two servers. The servers are configured as 
shown in the following table. 
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Server name Role 

Serverl | Active Directory Federation Services (AD FS) _ 
Server2 Web application proxy 

You prepare the forest © support Workplace Join and you enable the Device Registration 


Service (DRS) on Serverl. You need to ensure that Workplace Join meets the following 
requirements: 


c® Application access must be based on device claims. 
c> Users who attempt to join their device to the workplace through Server2 must be 
prevented from locking out their Active Directory account due to invalid credentials. 


Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet 
for each requirement in the answer area. 


Answer Area 


Application access must be based on device claims: Ne 


Users who attempt to join their device to the 

workplace through Server2 must be prevented from Ss 
locking out their Active Directory account due to 

invalid credentials: 


Answer Area 


Application access must be based on device claims: | 


Set-Adfs ClaimsProviderTrust 
Set-AdfsGlobalAuthenticationPolicy 
Set-AdfsProperties 
Set-AdfsRelyinaParty Trust 
Users who attempt to join their device to the 
workplace through Server2 must be prevented from 


locking out their Active Directory account due to 


Set-AdfsClalmsProviderTrust 
Set-AdfsGlobalAuthenticationPolicy 
invalid credentials: Set-AdfsProperties 
Set-AdfsRelyingPartyTrust 


Answer: 
Exhibit 
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Answer Area 


Application access must be based on device claims: 


Users who attempt to join their device to the 
workplace through Server2 must be prevented from 


: i a . erTrust 
locking out their Active Directory account due to -A A hticationPolicy 


invalid credentials: 


QUESTION: 101 

Your network contains the following roles and applications: 

c> Microsoft SQL Server 2012 

c® Distributed File System (DFS) Replication 

c® Active Directory Domain Services (AD DS) 

c® Active Directory Rights Management Services (AD RMS) 

c® Active Directory Lightweight Directory Services (AD LDS) 

You plan to deploy Active Directory Federation Services (AD FS). You need to identify 
which deployed services or applications can be used as attribute stores for the planned 
AD FS deployment. What should you identify? (Each correct answer presents a complete 
solution. Choose all that apply.) 


A. DFS 

B. AD RMS 

C. Microsoft SQL Server 2012 
D. AD LDS 

E. AD DS 


Answer: C, D, E 


QUESTION: 102 

Your company has 10,000 users located in 25 different sites. All servers run Windows 
Server 2012. All client computers run either Windows 7 or Windows 8. You need to 
recommend a solution to provide self-service password reset for all of the users. What 
should you include in the recommendation? 


A. The Microsoft System Center 2012 Service Manager Self-Service Portal and 
Microsoft System Center 2012 Orchestrator runbooks 
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B. Microsoft System Center 2012 Operations Manager management packs and Microsoft 
System Center 2012 Configuration Manager collections 

C. The Microsoft System Center 2012 Service Manager Self-Service Portal and 
Microsoft System Center 2012 Operation Manager management packs 

D. Microsoft System Center 2012 App Controller and Microsoft System Center 2012 
Orchestrator runbooks 


Answer: A 


QUESTION: 103 

Your network contains an Active Directory domain named contoso.com. The domain 
contains 200 servers that run either Windows Server 2012 R2, Windows Server 2012, or 
Windows Server 2008 R2. The servers run the following enterprise applications: 

c® Microsoft Exchange Server 2013 

c® Microsoft SQL Server 2014 

System Center 2012 R2 Operations Manager is deployed to the domain. Operations 
Manager monitors all of the servers in the domain. Audit Collection Services (ACS) is 
installed. You need to recommend a monitoring strategy for the domain that meets the 
following requirements: 

c® A group of administrators must be notified when an error is written to the System log 
on the servers that run Exchange Server 2013. 

c® A group of administrators must be notified when a specific event is written to The 
Application log on the servers that run SQL Server 2014. 

What is the best approach to achieve the goal? More than one answer choice may achieve 
the goal. Select the BEST answer. 


A. From Operations Manager, enable audit collection. 

B. From Operations Manager, implement two monitors. 

C. From Computer Management, implement one event subscription. 
D. From Operations Manager, implement two rules. 


Answer: D 


QUESTION: 104 

Your company has three main offices named Mainl, Main2, and Main3. The network 
contains an Active Directory domain named contoso.com. Each office contains a help 
desk group. You plan to deploy Microsoft System Center 2012 Configuration Manager to 
meet the following requirements: 

c® The members of the Domain Admins group must be able to manage all of the 
Configuration Manager settings. 
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c> The help desk groups must be able to manage only the client computers in their 
respective office by using Configuration Manager. 

You need to recommend a Configuration Manager infrastructure to meet the 
requirements. Which infrastructure should you recommend? More than one answer 
choice may achieve the goal. Select the BEST answer. 


A. Three sites that contain one collection for each office 
B. One site that contains one collection 

C. Three sites that each contain one collection 

D. One site that contains a collection for each office 


Answer: D 


QUESTION: 105 

Y our network contains the following: 

c® 20 Hyper-V hosts 

c® 100 virtual machines 

c® 2,000 client computers 

You need to recommend an update infrastructure design to meet the following 
requirements: 

c® Deploy updates to all of the virtual machines and the client computers from a single 
console. 

c® Generate reports that contain a list of the applied updates. 

What should you recommend? More than one answer choice may achieve the goal. Select 
the BEST answer. 


A. One Windows Server Update Services (WSUS) server integrated with Microsoft 
System Center 2012 Configuration Manager and a second WSUS server that is integrated 
with Microsoft System Center 2012 Virtual Machine Manager (VMM) 

B. One Windows Server Update Services (WSUS) server integrated with Microsoft 
System Center 2012 Virtual Machine Manager (VMM) 

C. One Windows Server Update Services (WSUS) server integrated with Microsoft 
System Center 2012 Configuration Manager, a second WSUS server integrated with 
Microsoft System Center 2012 Virtual Machine Manager (VMM), and a third standalone 
WSUS server. 

D. One Windows Server Update Services (WSUS) server integrated with Microsoft 
System Center 2012 Configuration Manager and Microsoft System Center 2012 Virtual 
Machine Manager (VMM) 
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Answer: D 


QUESTION: 106 

Your network contains an Active Directory domain named contoso.com. The domain 
contains a Microsoft System Center 2012 infrastructure. All client computers have a 
custom application named Appl installed. Appl generates an Event ID 42 every time the 
application runs out of memory. Users report that when Appl runs out of memory, their 
client computer runs slowly until they manually restart Appl. You need to recommend a 
solution that automatically restarts Appl when the application runs out of memory. The 
solution must use the least amount of administrative effort. What should you include in 
the recommendation? 


A. From Configurations Manager, create a desired configuration management baseline. 
B. From Windows System Resource Manager, create a resource allocation policy. 

C. From Event Viewer, attach a task to the event. 

D. From Operations Manager, create an alert. 


Answer: D 


QUESTION: 107 

Your company has a human resources department and a finance department. You are 
planning an administrative model for both departments to meet the following 
requirements: 

c> Provide human resources managers with the ability to view the audit logs for the files 
of their department. 

c> Ensure that only domain administrators can view the audit logs for the files of the 
finance department. 

You need to recommend a solution for the deployment of file servers for both 
departments. What should you recommend? More than one answer choice may achieve 
the goal. Select the BEST answer. 


A. Deploy one file server. Add the human resources managers to the local Administrators 
group. 

B. Deploy one file server. Add the human resources managers to the local Event Log 
Readers group. 

C. Deploy two file servers. Add the human resources managers to the local 
Administrators group on one of the servers. 

D. Deploy two file servers. Add the human resources managers to the local Event Log 
Readers group on one of the servers. 
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Answer: D 
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